You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wiki-changes@httpd.apache.org by Apache Wiki <wi...@apache.org> on 2009/04/07 17:41:45 UTC
[Httpd Wiki] Update of "InternalDummyConnection" by JeffGodin
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by JeffGodin:
http://wiki.apache.org/httpd/InternalDummyConnection
The comment on the change is:
added section on SSL considerations
------------------------------------------------------------------------------
In 2.2.6 and earlier, in certain configurations, these requests may hit a heavy-weight dynamic web page and cause unnecessary load on the server. You can avoid this by using mod_rewrite to respond with a redirect when accessed with that specific User-Agent or IP address.
+ === SSL Considerations ===
+
+ The internal dummy connections are not capable of speaking SSL. Thus, on servers with SSL enabled, these requests may generate noise in the server error log similar to the following:
+ {{{
+ [info] [client ::1] Connection to child 6 established (server localhost:443)
+ [info] Seeding PRNG with 656 bytes of entropy
+ [info] [client ::1] SSL library error 1 in handshake (server localhost:443)
+ [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
+ [info] [client ::1] Connection closed to child 6 with abortive shutdown (server localhost:443)
+ }}}
+
+ You can work around this by ensuring that the last Listen directive in your server configuration is not using SSL. In a typical setup, this would mean that "Listen 443" would come before "Listen 80".
+
+ This workaround should cause the internal dummy connections to be made to the non-SSL port, where you can optionally filter them out using the suggestions above.
+
+ In a future release, the server will attempt to connect to a non-SSL port by default. This change has been committed to svn, but not yet released (as of this writing).
+
+ Please see [https://issues.apache.org/bugzilla/show_bug.cgi?id=39653 Bug 39653] for more background.
+